fix: ensure ExecutionStack cannot exceed MAX_STACK_SIZE #65
Conversation
sdbondi
force-pushed
the
sb-tariscript-add-opcode-len
branch
from
a18cd1f
to
451dc49
Compare
sdbondi
changed the title
sdbondi
force-pushed
the
sb-tariscript-add-opcode-len
branch
from
451dc49
to
a7bbd35
Compare
sdbondi
changed the title
sdbondi
force-pushed
the
sb-tariscript-add-opcode-len
branch
2 times, most recently
from
27ebe1b
to
c46f768
Compare
|
@CjS77 What are your thoughts on limiting the number of ops per script in tari crypto? |
|
We have an implicit limit on ops since we limit the script size, don't we? Edit: It seems we don't 😱 though I could have sworn I put a limit on the serialised script size in the consensus validation code. Either I forgot, or it's been removed; I don't feel like digging right now. So we absolutely must put a limit on the script size. I would do it in the consensus code since we may want different rules for different chains. Testnet and Mainnet should match up; but experimental chains like Igor may need a different limit. I would put the limit on the serialized length rather than straight opcode count because it's the serialized script that takes up precious space in the block pre-pruning. Another reason not use a naiive opcode count is that opcodes are far from equal. An So: serialized limit mitigates "block stuffing spam attacks", and mitigates expensive opcode attacks to some degree. I don't know what the script limit should be, but it should be large enough to allow reasonable complicated smart contracts, but small enough to prevent block stuffing. 2048 bytes might be a good starting point and see whether this is too restrictive. Next thing to look at is, What kind of expensive scripts can I write that fit in this limit? Hashes and sig checks are the most expensive operations, so we could run some benchmarks to test where performance starts to affect consensus. Multisigs have a self-brake on them because we require the pubkeys to be part of the script, and not just pop them off the stack. So you can't just slap up 2000 multisig opcodes. The maximum would be m of 7 with a 2048 byte limit. |
|
We currently don't impose a byte limit on the script in consensus, but makes sense to do it in validation rather than a hard coded limit in tari_crypto. 👍 |
sdbondi
force-pushed
the
sb-tariscript-add-opcode-len
branch
from
c46f768
to
0a2c285
Compare
Agree. I was editing my last comment when you posted this. |
…#3640) Description --- - Adds consensus rules for maximum script byte size Breaking changes: If an existing script is larger than 2048, that block/output will fail to validate on upgraded nodes. I have not explicitly checked this but the largest scripts used currently on testnet are one-sided payments and they are well within the limit. Motivation and Context --- See [@CjS77 comment](tari-project/tari-crypto#65 (comment)) TODO: Ideally, in order to not negatively impact validation performance, we should not have to serialise the script again to gain its byte size. How Has This Been Tested? --- New unit test, basic manual test
size()to tari scriptrequired to limit the maximum number of script elements in transaction and block validation